> ## Documentation Index
> Fetch the complete documentation index at: https://support.lilt.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS Configuration

### Background:

The first step when helping a customer set-up AWS credentials is to ask their IT department if they have:

* Keys for a user with TranslateFullAccess and AmazonS3FullAccess policies
* An S3 bucket that user has access to

If the customer does not have a keys for a user with that information or a bucket. Someone from their IT department will have to do the following:

## Access:

Configuring the AWS Configuration in AI Hub, will enable the customer to access all available services via the AWS Bedrock ecosystem, including:

* Amazon Titan Express
* AI21 Labs
* Anthropic Claude Models via Bedrock (Sonnet 4.5, Haiku 4.5, Opus 4.1, and Opus 4.5) for LILT Create
* Amazon Textract
* Amazon Transcribe

### Create a new user

* Search for IAM and select IAM.
* Select Users, “Create User”
* <Frame>
    <img src="https://mintcdn.com/lilt-db26f913/vwqbRrDJ5X4ar99N/images/0e8edc14-image-20231212-203741.png?fit=max&auto=format&n=vwqbRrDJ5X4ar99N&q=85&s=68b97ea909d49c37fe64f68a3b4579bc" alt="" width="1336" height="568" data-path="images/0e8edc14-image-20231212-203741.png" />
  </Frame>
* You do not need to select “Provide user access to the AWS Management Console”
* Attach policies directly
  * TranslateFullAccess
  * AmazonS3FullAccess
  * AmazonTextractFullAccess (OCR Only)
  * AmazonTranscribeFullAccess (ASR only)
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/h-pj1JNusV0pbQh0/images/a3009d23-image-20231212-203813.png?fit=max&auto=format&n=h-pj1JNusV0pbQh0&q=85&s=2c2582118e205d351a336c11a0708a4f" alt="" width="1280" height="552" data-path="images/a3009d23-image-20231212-203813.png" />
    </Frame>
* Now click Create User
* Search for the user created in the previous step and select
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/9ZG5_AaqnpC5rx0I/images/d606509b-image-20231212-203850.png?fit=max&auto=format&n=9ZG5_AaqnpC5rx0I&q=85&s=cd4fd11cd9517f22e259ac80108f9928" alt="" width="1288" height="540" data-path="images/d606509b-image-20231212-203850.png" />
    </Frame>
* Click Security credentials
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/39zJavhRvES4F0j6/images/90240f90-image-20231212-203915.png?fit=max&auto=format&n=39zJavhRvES4F0j6&q=85&s=52cb4d778ccd4d08a88b286a8100f15c" alt="" width="1272" height="542" data-path="images/90240f90-image-20231212-203915.png" />
    </Frame>
* Click “Create access key”
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/HjBo5oHsJrmt2O3Y/images/f0bbe17d-image-20231212-203954.png?fit=max&auto=format&n=HjBo5oHsJrmt2O3Y&q=85&s=288d367b295f2d262f86598fed86b925" alt="" width="1280" height="548" data-path="images/f0bbe17d-image-20231212-203954.png" />
    </Frame>
* Select Third-party service, select Next
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/lnVcbbfqf7Qsc1DF/images/30ef6e14-image-20231212-204021.png?fit=max&auto=format&n=lnVcbbfqf7Qsc1DF&q=85&s=225fe076fe5443634c0d9280b4e65014" alt="" width="1278" height="546" data-path="images/30ef6e14-image-20231212-204021.png" />
    </Frame>
* Name the key
* Download .csv file this is your “AWS Access Key ID” and “AWS secret access key”. You will not be able to recreate the .csv

### Create AWS data access ARN

* Search for the user you created in “Create user” steps
* Click into the user
  * Scroll down to Permissions policies
  * Select “TranslateFullAccess”
  * The ARN will be on the top right

<Frame>
  <img src="https://mintcdn.com/lilt-db26f913/3R7hZDN-ARwV47Fg/images/22d3eb1c-image-20231212-204102.png?fit=max&auto=format&n=3R7hZDN-ARwV47Fg&q=85&s=6577c71596453407f67f61758e88f4ef" alt="" width="1284" height="546" data-path="images/22d3eb1c-image-20231212-204102.png" />
</Frame>

### Create S3 Bucket

* Type in S3 in bar
* Click S3
* Create Bucket
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/hfZqI6QM8RWdL07H/images/b2923b0c-image-20231212-204129.png?fit=max&auto=format&n=hfZqI6QM8RWdL07H&q=85&s=4a6f8bab5ae2f57c50b759298b32ef68" alt="" width="1222" height="542" data-path="images/b2923b0c-image-20231212-204129.png" />
    </Frame>
  * Choose an AWS region
    * We recommend US-EAST-1
  * Select a General purpose
  * Name the bucket
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/h-pj1JNusV0pbQh0/images/a51e53f7-image-20231212-204158.png?fit=max&auto=format&n=h-pj1JNusV0pbQh0&q=85&s=dae79e1d92ab81386417e15102e9fd38" alt="" width="1284" height="550" data-path="images/a51e53f7-image-20231212-204158.png" />
    </Frame>
  * Unselect “block public access”
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/8rkVo9mxa5OhiGRW/images/53849dfa-image-20231212-204230.png?fit=max&auto=format&n=8rkVo9mxa5OhiGRW&q=85&s=8ed0afc08c07ec0054fd78d3cf080531" alt="" width="1230" height="526" data-path="images/53849dfa-image-20231212-204230.png" />
    </Frame>
  * Disable Bucket versioning
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/n80KXPcaeRoHaTeg/images/6ca6a460-image-20231212-204254.png?fit=max&auto=format&n=n80KXPcaeRoHaTeg&q=85&s=49be1836395599195470df1979d0834c" alt="" width="1294" height="552" data-path="images/6ca6a460-image-20231212-204254.png" />
    </Frame>
  * (Optional) we recommend that you add a LILT tag, so that you can track your usage
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/8rkVo9mxa5OhiGRW/images/592b5b09-image-20231212-204321.png?fit=max&auto=format&n=8rkVo9mxa5OhiGRW&q=85&s=937fda2abb89fcd28928e8dc27537564" alt="" width="1292" height="554" data-path="images/592b5b09-image-20231212-204321.png" />
    </Frame>
  * Click create the bucket
  * <Frame>
      <img src="https://mintcdn.com/lilt-db26f913/JYCZK8MjjALJwC0p/images/3b010668-image-20231212-204346.png?fit=max&auto=format&n=JYCZK8MjjALJwC0p&q=85&s=8eefaf6f7c45912e4d2a76c0a9a9909d" alt="" width="1290" height="542" data-path="images/3b010668-image-20231212-204346.png" />
    </Frame>
* Enter this bucket name into LILT’s Amazon credentials, and select the region the Bucket is assigned

### FAQs

Q: Which Amazon Translate **actions** do I need to include in the IAM policy?

A: Translate, S3 bucket

Q: Do specific **resource types** need to be indicated in the policy or the ARN?

A: Ideally yes, you would create a very specific IAM. Without specific resource types, someone could have more or less privileges than what you want on your AWS account.

Q: For the **ARN**, we need more information about what exactly is required. Is this for encryption?

A: No it is to access translate client, S3, and other resources needed for translation.

Q: What happens if we turn on the "**Use Terminology**" option? Will this create a terminology resource in AWS with our LILT glossary/TB or the other way around (it will use custom terminology already uploaded to AWS)?

A: LILT will send the terminology from the data source to AWS, and the terminology will be used in AWS.